Hi. I ran into a problem while porting a service from William
Baxter's ucspi-ssl to s6-tlsserver: $TCPLOCALPORT wasn't being set. I
see that you've designed s6-tcpserver-access to handle setting that
variable, but it doesn't work when run under s6-tlsserver, where it
gets a pipe instead of the socket:
Agh! That's a painful one, because it's a complete oversight on my
part.
Thanks for the report, and sorry.
It makes sense to have DNS/ident lookups and access control factored
out into a separate program, but $TCPLOCALIP and $TCPLOCALPORT would
have to be set directly in s6-tcpserver4d and s6-tcpserver6d, wouldn't
they?
Not necessarily, they can still be set in a separate program, but said
program would need to be invoked *before* s6-tlsd - the element that
creates the pipes to run the rest of the command line under.
The problem here is that s6-tlsserver, which is a high-level command
that embeds several smaller ones, does not include s6-tcpserver-access
in the command line it is rewriting itself into. I wanted to keep the
symmetry with s6-tcpserver (and also not bother with parsing all the
s6-tcpserver-access options ^^'), so I left s6-tcpserver-access out of
what s6-tlsserver frontends for; but as you correctly point out, it was
a mistake, because you cannot chain s6-tlsserver into
s6-tcpserver-access.
The fix is for s6-tlsserver to embed a s6-tcpserver-access call in the
command line, before the s6-tlsd one. I will work on it.
--
Laurent
